fleet/schema/tables/windows_firewall_rules.yml
Eric 02437a098e
Schema: change default block scalar used in schema override files (#19296)
Closes: #19271
Closes: #19286

Changes:
- Updated the example in the schema folder readme
- Updated the block scalar used in Fleet's osquery override
documentation (`>-` » `|-`) and removed extra newlines
- Updated the block scalar used in URLs used to create new yaml override
files
- Regenerated osquery_fleet_schema.json
2024-05-27 18:18:56 -05:00

name: windows_firewall_rules
examples: |-
  Controlling inbound access to remote services is essential for maintaining security on a system. This query lists all enabled Windows Firewall rules that allow inbound RDP, WinRM & VNC connections on the public firewall profile.
  ```
  SELECT name,app_name,local_ports FROM windows_firewall_rules WHERE enabled = 1 AND direction = "In" AND remote_addresses="*" AND profile_public = 1 AND action = "Allow" AND local_ports IN ("3389","5985","5986","5900");
  ```
notes: |-
  * A rule can exist, but it has to be part of the currently enabled firewall profile to be enforced.
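
The query above matches `local_ports` only when it equals one of the four ports exactly, so a rule that bundles several ports or uses a range would not be listed. The following is an added example, not part of Fleet's schema file: it applies the same filters to rows exported from `windows_firewall_rules` and also matches ports inside lists and ranges. It assumes `local_ports` is a comma-separated string that may contain `low-high` ranges, `*` or keywords, and that rows carry string values as in osquery's JSON output; the function names and sample rows are constructed for illustration.

```python
# Ports from the query above: RDP, WinRM over HTTP/HTTPS, VNC.
WATCHED_PORTS = {3389, 5985, 5986, 5900}


def _row(name, ports, enabled="1", remote="*"):
    """Build one constructed sample row (string values, as in osquery JSON)."""
    return {"name": name, "app_name": "", "local_ports": ports,
            "enabled": enabled, "direction": "In", "remote_addresses": remote,
            "profile_public": "1", "action": "Allow"}


# Constructed sample data, not taken from a real host.
SAMPLE_ROWS = [
    _row("RDP exact", "3389"),                     # found by the original query
    _row("Mgmt bundle", "3389,5985,5986"),         # missed by an exact IN match
    _row("VNC range", "5900-5910"),                # missed by an exact IN match
    _row("Disabled RDP", "3389", enabled="0"),     # filtered out: not enabled
    _row("Scoped WinRM", "5985", remote="10.0.0.0/8"),  # filtered out: scoped
    _row("Web", "80,443"),                         # no watched port
]


def ports_covered(local_ports):
    """Return the watched ports that a local_ports value includes."""
    hits = set()
    for item in local_ports.split(","):
        item = item.strip()
        if item == "*":                  # assumption: '*' means every port
            return set(WATCHED_PORTS)
        low, _, high = item.partition("-")
        if not low.isdigit():
            continue                     # empty value or keyword: skip
        high = high if high.isdigit() else low
        hits |= {p for p in WATCHED_PORTS if int(low) <= p <= int(high)}
    return hits


def exposed_rules(rows):
    """Apply the query's filters, matching ports inside lists and ranges."""
    found = []
    for r in rows:
        if (r["enabled"] == "1" and r["direction"] == "In"
                and r["remote_addresses"] == "*"
                and r["profile_public"] == "1" and r["action"] == "Allow"):
            hits = ports_covered(r["local_ports"])
            if hits:
                found.append((r["name"], sorted(hits)))
    return found
```
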